Agent: Change credential collectors, payloads and pbas in flat config

Flat config changes are made in order for config object to be serializable
This commit is contained in:
vakarisz 2022-06-17 18:05:26 +03:00 committed by Shreya Malviya
parent b99ad70774
commit d393a0b3c6
3 changed files with 31 additions and 21 deletions

View File

@ -357,6 +357,7 @@ class ConfigService:
ConfigService._format_payloads_from_flat_config(config)
ConfigService._format_pbas_from_flat_config(config)
ConfigService._format_propagation_from_flat_config(config)
ConfigService._format_credential_collectors(config)
# Ok, I'll admit this is just sort of jammed in here. But this code is going away very soon.
del config["HTTP_PORTS"]
@ -376,9 +377,18 @@ class ConfigService:
for field in fields_to_remove:
config.pop(field, None)
@staticmethod
def _format_credential_collectors(config: Dict):
collectors = [
{"name": collector, "options": {}} for collector in config["credential_collectors"]
]
config["credential_collectors"] = collectors
@staticmethod
def _format_payloads_from_flat_config(config: Dict):
config.setdefault("payloads", {})["ransomware"] = config["ransomware"]
config.setdefault("payloads", []).append(
{"name": "ransomware", "options": config["ransomware"]}
)
config.pop("ransomware", None)
@staticmethod
@ -388,9 +398,9 @@ class ConfigService:
flat_windows_command_field = "custom_PBA_windows_cmd"
flat_windows_filename_field = "PBA_windows_filename"
formatted_pbas_config = {}
for pba in config.get("post_breach_actions", []):
formatted_pbas_config[pba] = {}
formatted_pbas_config = [
{"name": pba, "options": {}} for pba in config.get("post_breach_actions", [])
]
config["custom_pbas"] = {
"linux_command": config.get(flat_linux_command_field, ""),

View File

@ -27,6 +27,7 @@
"private_key": "my_private_key"
}
],
"credential_collectors": ["MimikatzCollector", "SSHCollector"],
"exploit_user_list": [
"Administrator",
"root",

View File

@ -25,7 +25,6 @@ def test_format_config_for_agent__credentials_removed():
def test_format_config_for_agent__ransomware_payload():
expected_ransomware_options = {
"ransomware": {
"encryption": {
"enabled": True,
"directories": {
@ -35,24 +34,24 @@ def test_format_config_for_agent__ransomware_payload():
},
"other_behaviors": {"readme": True},
}
}
flat_monkey_config = ConfigService.format_flat_config_for_agent()
assert "payloads" in flat_monkey_config
assert flat_monkey_config["payloads"] == expected_ransomware_options
assert flat_monkey_config["payloads"][0]["name"] == "ransomware"
assert flat_monkey_config["payloads"][0]["options"] == expected_ransomware_options
assert "ransomware" not in flat_monkey_config
def test_format_config_for_agent__pbas():
expected_pbas_config = {
"CommunicateAsBackdoorUser": {},
"ModifyShellStartupFiles": {},
"ScheduleJobs": {},
"Timestomping": {},
"AccountDiscovery": {},
}
expected_pbas_config = [
{"name": "CommunicateAsBackdoorUser", "options": {}},
{"name": "ModifyShellStartupFiles", "options": {}},
{"name": "ScheduleJobs", "options": {}},
{"name": "Timestomping", "options": {}},
{"name": "AccountDiscovery", "options": {}},
]
flat_monkey_config = ConfigService.format_flat_config_for_agent()
assert "post_breach_actions" in flat_monkey_config